SSO for the Paying Organization

Does your organization have an Identity Domain?

An Identity Domain (sometimes referred to as an IDCS Stripe) is included with all Oracle Cloud Accounts. From December 2025 all new Aconex paying customers are required to activate their Aconex subscription into an Oracle Cloud Account, which also includes an Identity Domain. 

If your organization uses other Oracle products, such as P6, OPC, Unifier, ERP, you may already have an Identity Domain. Determine if you can use your existing Identity Domain or if you need to create a new one.

Before you begin

• If you have users in your organization that will not be included in your SSO system, learn to manage them so they can still access Aconex. 
• If your organization uses the AU2 instance of Aconex, you'll need to create a separate Identity Domain in your cloud account for managing SSO for AU2 only.

Use my organization's existing Identity Domain

Follow these steps if your organization already has an Identity Domain. You must complete all steps sequentially to ensure your SSO configuration is a success.

1. Your technical contact sets up the Identity Domain with the SAML configuration for their Identity Provider (e.g. Entre ID, ADFS, or other). You may need assistance from your organization's IT department. 
2. Your technical contact raises a support request ticket with the subject Aconex SSO activation request and provides the following information for each organization you manage that you want to enable SSO for:

• The Aconex instance the organization is registered on.
• An attached screenshot of the Organization Details page (under the Setup menu) in Aconex, clearly showing the Aconex organization name, organization ID, and postcode. See an example screenshot.
• Your Identity Domain URL.
  The URL will look something like this: https://idcs-{ID}.identity.oraclecloud.com/ui/v1/myconsole. You can find your Domain URL in the overview screen. Learn more

3. Oracle will configure the Lobby to use your Identity Domain. Your technical contact will be notified in the support request ticket when this is completed.

Important: Your technical contact must complete the next step to create an Identity Provider Policy as soon as possible after receiving notification from Oracle. Delaying this step will disrupt access to Aconex for all users in your organization.

4. Your technical contact creates an Identity Provider Policy in your Identity Domain. You may need assistance from your organization's IT department.
5. Your technical contact signs in to the Lobby to test and ensure the SSO authentication is successful. You should be taken to your organization's Single Sign-On screen. Enter your SSO username and password, and the Lobby will open. If this does not happen, you must go back and complete the previous step.
6. Your organization's users will be redirected to your organization's Single Sign-On screen when they next try to access Aconex or the Lobby. If they are not automatically redirected, they need to click the change email address icon on the sign in screen, re-enter their email address, and click Sign In.

My organization needs an Identity Domain

Follow these steps if your organization doesn't have an Identity Domain, or needs a separate one for Aconex. You must complete all steps sequentially to ensure your SSO configuration is a success.

1. Your technical contact raises a support request ticket with the subject Aconex SSO activation request and provides the following information for each organization you manage that you want to enable SSO for:

• Their full name and email address. We'll use this information to create them as the admin for your organization's new Oracle Cloud Account.
• The Aconex instance the organization is registered on.
• An attached screenshot of the Organization Details page (under the Setup menu) in Aconex, clearly showing the Aconex organization name, organization ID, and postcode. See an example screenshot. 

2. Your technical contact will receive an email to activate their Aconex subscription into an Oracle Cloud Account.
3. Your technical contact activates the Oracle Cloud Account.
4. Your technical contact sets up the Identity Domain with the SAML configuration for their Identity Provider (e.g. Entre ID, ADFS, or other). You may need assistance from your organization's IT department.
5. Your technical contact replies to the support request ticket created when you initiated your request to setup SSO and confirms they have configured the Identity Domain. They also provide the ID for the account. The easiest way to do this is to paste your Domain URL into the ticket.
   The URL will look something like this: https://idcs-{ID}.identity.oraclecloud.com/ui/v1/myconsole. You can find your Domain URL in the overview screen. Learn more
6. Oracle will configure the Lobby to use your Identity Domain. Your technical contact will be notified in the support request ticket when this is completed.

Important: Your technical contact must complete the next step to create an Identity Provider Policy as soon as possible after receiving notification from Oracle. Delaying this step will disrupt access to Aconex for all users in your organization.

7. Your technical contact creates an Identity Provider Policy in your Identity Domain. You may need assistance from your organization's IT department.
8. Your technical contact signs in to the Lobby to test and ensure the SSO authentication is successful. You should be taken to your organization's Single Sign-On screen. Enter your SSO username and password, and the Lobby will open. If this does not happen, you must go back and complete the previous step.
9. Your organization's users will be redirected to your organization's Single Sign-On screen when they next try to access Aconex or the Lobby. If they are not automatically redirected, they need to click the change email address icon on the sign in screen, re-enter their email address, and click Sign In.